DLP: Users Need Help With Policy Definition

Anybody can put together simple data leak prevention policies, like filtering out any 10-digit phone numbers, or anything with a set of sensitivity words like "Confidential."

However, many policies turn out to need a lot of thought in order to define them, so that:

  • You catch most of the stuff you want to (i.e., high catch rate).
  • You don't catch a lot of the stuff you shouldn't be catching (i.e., few false positives).

With today's technology, most user organizations want help in defining their DLP policies. It doesn't matter if you're a very big organization, with loads of well-paid and expensive people. The focused experience of the vendor concerned usually comes in handy.

In short: It's a good idea to anticipate getting your DLP vendor's help with policy definition, and check that the vendor is set up to give you the support you'll need.

... David Ferris

Post a comment

You must be logged in to post a comment. To comment, first join our community.